{"id":2271,"date":"2023-12-27T14:00:00","date_gmt":"2023-12-27T14:00:00","guid":{"rendered":"https:\/\/www.darkreading.com\/vulnerabilities-threats\/how-to-prepare-for-ddos-attacks-during-peak-business-times"},"modified":"2023-12-27T14:00:00","modified_gmt":"2023-12-27T14:00:00","slug":"how-to-prepare-for-ddos-attacks-during-peak-business-times","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2023\/12\/27\/how-to-prepare-for-ddos-attacks-during-peak-business-times\/","title":{"rendered":"How to Prepare for DDoS Attacks During Peak Business Times"},"content":{"rendered":"
<\/a><\/div>\n
<\/div>\n

Threat groups are constantly getting more sophisticated in their attempts to evade detection and enact harm. One common tactic that many security practitioners have witnessed is carrying out distributed denial-of-service (DDoS) attacks during <\/span>peak business times<\/a><\/span>, when companies are more likely to be short-staffed and caught unawares.<\/span><\/p>\n

While DDoS attacks are a year-round threat, we\u2019ve noticed an uptick in attacks during the holiday season. In 2022, Microsoft mitigated an average of <\/span>1,435 attacks every day<\/a><\/span>. These attacks spiked on Sept. 22, 2022, with approximately 2,215 attacks recorded, and continued at a higher volume until the last week of December. We saw a lower volume of attacks from June through August.<\/span><\/p>\n

One reason for this trend could be that during the holidays, many organizations are operating with reduced security staff and limited resources to monitor their networks and applications. The high traffic volumes and high revenues earned by organizations during this peak business season also make this time of year even more appealing for attackers.<\/span><\/p>\n

Cybercriminals often take advantage of this opportunity to attempt to execute lucrative attacks at little cost. With a cybercrime-as-a-service business model, a DDoS attack can be ordered from a DDoS subscription service for <\/span>as little as $5<\/a><\/span>. Meanwhile, small and midsize organizations pay an <\/span>average of $120,000<\/a><\/span> to restore services and manage operations during a DDoS attack.<\/span><\/p>\n

Knowing this, security teams can take proactive measures to help defend against DDoS attacks during peak business seasons. Keep reading to learn how.<\/span><\/p>\n

Understanding the Different Types of DDoS Attacks<\/span><\/h2>\n

Before we get into how to defend against DDoS attacks, we must first understand them. There are three main categories of DDoS attacks and a variety of different cyberattacks within each category. Attackers can use multiple attack types \u2014 including ones from different categories \u2014 against a network.<\/span><\/p>\n

The first category is volumetric attacks. This kind of attack targets bandwidth and is designed to overwhelm the network layer with traffic. One example could be a domain name server (DNS) amplification attack that uses open DNS servers to flood a target with DNS response traffic.<\/span><\/p>\n

Next you have protocol attacks. This category specifically targets resources by exploiting weaknesses in Layers 3 and 4 of the protocol stack. One example of a protocol attack could be a synchronization packet flood (SYN) attack that consumes all available server resources, thus making a server unavailable.<\/span><\/p>\n

The final category of DDoS attacks is resource layer attacks. This category targets Web application packets and is designed to disrupt the transmission of data between hosts. For example, consider an <\/span>HTTP\/2 Rapid Reset attack<\/a><\/span>. In this scenario, the attack sends a set number\u202fof HTTP requests using HEADERS followed by RST_STREAM. The attack then repeats this pattern to generate a high volume of traffic on the targeted HTTP\/2 servers.<\/span><\/p>\n

3 Proactive Measures to Help Defend Against DDoS Attacks<\/span><\/h2>\n

It\u2019s impossible for organizations to completely avoid being targeted by DDoS attacks. However, you can take a number of proactive steps to help strengthen your defenses in the event of an attack.<\/span><\/p>\n

\n